# Makefile — convenience targets for the CVE-2026-24072 testing lab. # Allow overriding the host port LAB_PORT ?= 8080 CONTAINER_NAME = cve-2026-24072-lab .PHONY: all build up down vuln fixed which test verify-sentinel logs shell help all: help # Build the Docker image build: @./scripts/build.sh # Start the lab container up: @LAB_PORT=$(LAB_PORT) ./scripts/up.sh # Stop and remove the lab container down: @./scripts/down.sh # Switch to the vulnerable mod_rewrite vuln: @./scripts/use-vuln.sh # Switch to the fixed mod_rewrite fixed: @./scripts/use-fixed.sh # Show which variant is currently active which: @./scripts/which.sh # Run the full test matrix (both variants by default) test: @LAB_PORT=$(LAB_PORT) ./scripts/run-tests.sh --variant both # Verify the sentinel file is unreadable by non-daemon users verify-sentinel: @echo "Attempting to read sentinel as 'nobody' inside the container ..." @docker exec -u nobody $(CONTAINER_NAME) cat /opt/sentinel/secret.txt 2>&1 && echo "ERROR: sentinel was readable!" && exit 1 || echo "PASS: sentinel is NOT readable by non-daemon users." # Follow container logs logs: @docker logs -f $(CONTAINER_NAME) # Open a shell inside the container shell: @docker exec -it $(CONTAINER_NAME) bash # Display help help: @echo "CVE-2026-24072 Testing Lab — Makefile targets" @echo "" @echo " make build Build the Docker image" @echo " make up Start the lab container (port $(LAB_PORT))" @echo " make down Stop and remove the container" @echo " make vuln Switch to VULNERABLE mod_rewrite" @echo " make fixed Switch to FIXED mod_rewrite" @echo " make which Show active variant" @echo " make test Run full test matrix (both variants)" @echo " make verify-sentinel Confirm non-daemon user cannot read sentinel" @echo " make logs Follow container logs" @echo " make shell Open a shell inside the container" @echo "" @echo "Override port: LAB_PORT=9090 make up"